Bananapro Image Gen
Pass
Audited by ClawScan on May 1, 2026.
Overview
This image-generation skill appears purpose-aligned, but it uses API keys and sends prompts or chosen images to an external Gemini/proxy endpoint.
Before installing or using this skill, decide whether you trust the configured Gemini/proxy endpoint, set NEXTAI_API_URL explicitly if using a proxy, keep API keys protected, and avoid sending confidential prompts or private images.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A leaked or misrouted API key could allow someone else to spend the user's API quota or access the associated provider account capabilities.
The script reads a user API key and includes it in the provider request URL. This is expected for Gemini image generation, but the key grants account/quota access and should be protected.
Evidence: api_key = api_key or os.environ.get("NEXTAI_API_KEY") or os.environ.get("GEMINI_API_KEY") ... url = f"{api_url.rstrip('/')}/models/{model}:generateContent?key={api_key}"
Recommendation: Use a limited-scope API key if available, prefer environment variables over command-line arguments, and rotate the key if it is exposed.
Private prompts or images supplied to the tool may be processed by Google or by whichever proxy endpoint the user configures.
The prompt, and optionally the contents of a selected local image file, are sent to the configured external API endpoint. This is purpose-aligned for image generation/editing but creates a provider data-sharing boundary.
Evidence: payload = {"contents": [{"parts": [{"text": prompt}]}]} ... "inline_data": {"mime_type": mime_type, "data": image_data} ... response = requests.post(url, ... json=payload, timeout=120)
Recommendation: Do not use sensitive images or confidential prompts unless you trust the configured provider and its privacy policy.
A user may misunderstand which service will receive their API key and generation content.
The documentation describes a third-party proxy as the default/recommended service, while the script defaults to Google's Gemini endpoint unless NEXTAI_API_URL is set. This endpoint ambiguity affects where keys, prompts, and images are sent.
Evidence: SKILL.md: "apipro.maynor1024.live (default)"; scripts/generate_image.py: os.environ.get("NEXTAI_API_URL", "https://generativelanguage.googleapis.com/v1beta")
Recommendation: Set NEXTAI_API_URL explicitly when using a proxy, or use GEMINI_API_KEY with the official endpoint intentionally.
